Handle expiring refresh tokens with oauth

Hi there,

I want to build a Python connector for Exact (accounting and invoicing service). The authentication for this service’s API is through OAuth. The problem with their implementation is that the refresh_token is only valid for 30 days, AND it is only valid the first time. On the refresh call, you get a new refresh token which should be used.

I saw the CDK comes with Oauth2Authenticator, I assume I can use this class to keep the access_token up to date. However, unless I’m mistaken, it doesn’t track or persist the new refresh token.

Does Airbyte have support for this? Or any suggestions how I can handle this case?

I thought about (ab)using the State in the protocol to keep track of the latest refresh token. But not sure if that is the way to go? Or can I persist the new refresh token in the ConnectorSpecification?

This topic is a duplicate of following topic: Need some guidance on customizing oauth token refresh - #2 by marcosmarxm. But as it was inactive and unresolved, I thought new discussion might work better.

Hello there! You are receiving this message because none of your fellow community members has stepped in to respond to your topic post. (If you are a community member and you are reading this response, feel free to jump in if you have the answer!) As a result, the Community Assistance Team has been made aware of this topic and will be investigating and responding as quickly as possible.
Some important considerations that will help your to get your issue solved faster:

  • It is best to use our topic creation template; if you haven’t yet, we recommend posting a followup with the requested information. With that information the team will be able to more quickly search for similar issues with connectors and the platform and troubleshoot more quickly your specific question or problem.
  • Make sure to upload the complete log file; a common investigation roadblock is that sometimes the error for the issue happens well before the problem is surfaced to the user, and so having the tail of the log is less useful than having the whole log to scan through.
  • Be as descriptive and specific as possible; when investigating it is extremely valuable to know what steps were taken to encounter the issue, what version of connector / platform / Java / Python / docker / k8s was used, etc. The more context supplied, the quicker the investigation can start on your topic and the faster we can drive towards an answer.
  • We in the Community Assistance Team are glad you’ve made yourself part of our community, and we’ll do our best to answer your questions and resolve the problems as quickly as possible. Expect to hear from a specific team member as soon as possible.

Thank you for your time and attention.
The Community Assistance Team

Hello Joël Luijmes, it’s been a while without an update from us. Are you still having problems or did you find a solution?

Hi Marcos,

Well, I just started developing and in the meantime there was an interesting development: #19428 - CDK: Emit control message on config mutation

That PR includes even a SingleUseRefreshTokenOauth2Authenticator which is exactly what I needed (and already end up created, but oh well). Now it just waiting before the platform actually operates on this message (#19811 - feat(Platform): update actor configuration when receiving control messages from connectors during sync)

Meanwhile I also submitted my PR #20480 - New Source: Exact Online.

Soo, all in all I think the question is answered due parallel developments :slight_smile: Now it is just waiting that the platform handle the Control messages, and review of my PR.